RackGuardian

by AlphaGuardian

Full Protection for Your Rack OT Systems

Your rack power and environmental systems are a perfect backdoor for cyberattacks. Protect them with RackGuardian.

Internet-of-Things (IoT) and Operational Technology (OT) devices represent a rapidly expanding, often unchecked risk surface affecting a wider array of industries and organizations... Ransomware attacks, previously perceived as an IT-focused attack vector, are today affecting OT environments... critical infrastructure is at increased risk.

- Microsoft Corporation

  • 80%: Percentage of companies with lack of visibility into all OT systems on their networks (end of 2022) [3]
  • 40.6%: OT systems attacked to implement malware (end of 2022) [2]
  • 27%: Growth in vulnerabilities discovered in OT systems (end of 2022) [3]

RackGuardian: The New Standard

Whether you need to protect your network closets, MDF or IDF rooms, server rooms or network edge sites, RackGuardian has your racks covered. We know that nearly every company has to protect its racks and data to the latest security standards, including:

The HIPAA security compliance standards require Comprehensive Cyber, Physical and Operational Protection Measures. This includes HIPAA Security for Racks. The following are quotations from HIPAA regulations:

  • Physical access monitoring and control - HIPAA Security for Racks is key for any healthcare organization or business partner. According to the Department of Health and Human Services, nearly half of HIPAA Security violations for 2016 involved breaches of Physical Security. HIPAA regulations specifically define Physical Network Security requirements and these include Section 164.310: Facility Access Controls. “Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.” Physical access control is a key piece of HIPAA compliance and must be implemented for all entities covered under this law.
  • Backup power monitoring and control - Backup Power is a necessity to allow the protection of and access to critical medical records in the event of a power blackout or other power event. This requirement is described in HIPAA Security “164.308(a)(7)(ii)(C) Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode. When a covered entity is operating in emergency mode due to a technical failure or power outage, security processes to protect EPHI must be maintained.”
  • Environmental monitoring and control - Medical records must be protected from more than just cyber or physical threats. HIPAA Security standards require that they must also be protected from destruction in the event of a natural or environmental event. This is specifically provided for in HIPAA Section 164.304 “Physical safeguards are physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards…”

The Credit Card Payments PCI DSS security compliance standards require Full Cyber, Physical and Operational Measures. The following quotes are directly from the latest standards issued May 2015:

  • Cyber-secure access control - Requirement 1.1 “Establish and implement firewall and router configuration standards…Firewalls and routers are key components of the architecture that controls entry to and exit from the network. These devices are software or hardware devices that block unwanted access and manage authorized access into and out of the network. Configuration standards and procedures will help to ensure that the organization's first line of defense in the protection of its data remains strong.” Firewalls must protect your system monitoring traffic as well as your networked power and environmental monitoring systems.
  • Secure access monitoring and control - Requirement 9 “Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted… Criminals attempting to gain physical access to sensitive areas will often attempt to disable or bypass the monitoring controls. Sensitive areas refer to any data center, server room or any area that houses systems that store, process, or transmit cardholder data.”
  • Power monitoring and control - “Tie all access control and monitoring systems to an Uninterruptible Power Source (UPS).” In addition, almost all POS servers include UPS systems as a standard component. Maintaining and monitoring all UPS systems is critical to ensuring the integrity of all credit card data.
  • Environmental monitoring and control - Inherent in PCI DSS standards is maintaining an environment conducive to maximizing network equipment uptime. This includes proper cooling and environmental controls for all areas in which data is transported or stored.

Gramm-Leach-Bliley Act security compliance standards require All Appropriate Cyber, Physical and Operational Protection Measures be taken. The following are quotations from the Federal Financial Institutions Examination Council's IT Examination Handbook as of July 2015:

  • Cybersecurity controls - “The institution should have a documented testing and evaluation plan that addresses the integration of security controls, level of assurance desired, and strategies and activities performed in obtaining that assurance.”
  • Physical access control - “Management should deploy adequate physical security in a layered or zoned approach at every IT operations center commensurate with the value, confidentiality, and criticality of the data stored or accessible and the identified risks…An institution should implement policies and procedures to prevent the removal of sensitive electronic information and data. These policies should address the use of laptop computers, personal digital assistants, and portable electronic storage devices.”
  • Environmental monitoring and control - “Every operations center should have adequate heating, ventilation, and air conditioning (HVAC) systems in order for personnel and equipment to function properly. Older computer equipment produces a significant amount of heat, requiring cooling capacity exceeding that of a standard office building. Some newer models do not produce as much heat and thus do not require as much air conditioning. Organizations should plan their HVAC systems with the requirements of their computer systems in mind. Back-up sources of electricity should be able to sustain HVAC systems, because inadequate cooling could render computer equipment inoperable in a short period of time.”
  • Backup power monitoring and control - “Computing equipment should have a continuous uninterrupted power source. Management should take reasonable action to protect computing equipment power sources. Consequently management should monitor and condition the voltage of electricity sources to prevent power fluctuations…Management should configure the UPS to provide sufficient electricity within milliseconds to power equipment until there is an orderly shutdown…Power surges can also damage computer equipment. Consequently management should monitor and condition or stabilize the voltage of electricity sources to prevent power fluctuations.”

The FCC has recommended a number of cybersecurity measures be taken by telecommunications and broadband providers. Among those recommendations is the need to secure Operational Technology systems, such as backup generators and site HVAC systems, as well as Internet of Things devices, including Uninterruptible Power Supplies (UPS) and Power Distribution Units (PDU).

In its newly released report from the Communications Security, Reliability, and Interoperability Report of Best Practices to Improve Supply Chain Security of Infrastructure and Network Management Systems, the FCC calls out the vital need to increase the protection and monitoring of Operational Technology systems, including power and cooling systems vital to broadband, telecom and network edge sites. Specifically, they call out the following Best Practices which need to be adhered to in order to protect the data and systems within these sites:

  • Reduce the attack surface by eliminating unnecessary Internet connections to IoT devices in the network. Apply network segmentation to prevent an attacker from moving laterally and compromising assets after intrusion. In particular, IoT and critical device networks should be isolated with firewalls.
  • Adopt a comprehensive IoT and operational technology solution to monitor devices, respond to threats, and increase visibility in order to detect and alert when IoT devices with a legacy server such as Boa are used as an entry point to a network.
  • Configure detection rules to identify malicious activity.

The Broadband Equity, Access, and Deployment (BEAD) program will supply over $42 billion in funding to states for the supply and installation of broadband systems for underserved communities in the U.S. The employment of cybersecurity systems for all IT and OT systems (including IoT) is a specific requirement for any successful bid to provide solutions for the BEAD program. Specifically, full compliance with President Biden's Executive Order 14028 is required in order for a bid to be accepted.

This executive order states the following: “The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).”

RackGuardian has been developed with funding from the United States Air Force specifically to secure OT systems that support IT and telecom systems. RackGuardian has been thoroughly tested against actual cyberattacks in severe conditions to ensure that it is capable of withstanding attacks which are likely to take place against broadband and telecom sites. RackGuardian continues to be updated via its link to our secure cloud to ensure the best protection for the OT systems which support your broadband and telecom racks.

AlphaGuardian's Patented Tech

Everything you need to secure your network OT

Cyber/Physical Firewall for your OT devices

RackGuardian is the only rack management device that incorporates an integrated firewall within its hardware. When you plug your rack power, environmental and networking systems into the Private Network Port of RackGuardian, their SNMP ports are hidden from the outside world.

Powerful Analytics for monitoring your Operational Technology systems

Traditional rack monitoring systems will send you large numbers of nuisance alarms based on human-set alarm technology. RackGuardian's patented Alarm Analytics learns the normal operating conditions for your OT systems in your rack; it will only raise an alarm when a statistically significant event is occurring. RackGuardian is also perfect for the control room of any process plant because it is fully 18.2 compliant.

Secure Cloud-Based App

In the past, rack monitoring systems have required you to view your data via a local DCIM program or via a webpage directly on the rack monitoring unit. Local DCIM software can only monitor a finite number of devices and has to be continuously patched and upgraded. Meanwhile, your rack monitoring unit must maintain open ports which others could use for a cyber attack. AlphaGuardian's secure cloud-based dashboard lets you monitor an unlimited number of racks.

Contact us

Questions about RackGuardian? Send a message using this form, or send an email to info@alphaguardian.net.